amuck-landowner

RamNode Down?

TheLinuxBug

New Member
My thoughts are that the SolusVM bug is a major issue. It can be used to basicly remove all vms and do some other naughty things. As per what is ongoing on with RamNode, I really hope that is not the case.


Cheers!
 

bizzard

Active Member
One of mine is still down and seems like its on ATLCVZ7 as its the only OpenVZ node down now as per the Pingdom monitoring. Looking forward to hear from Nick_A.
 

Ivan

Active Member
Verified Provider
Here's an official statement from Nick, he posted it on a thread in LET.

Ok, I am working feverishly to get everything back up ASAP. Robert Clarke definitely ran the exploit, as he has admitted to both publicly and privately. I do not have an ETA for every VPS. Some nodes were unharmed and are back up. Some were wiped. Some are in between. I will be restoring SolusVM, then our website, then as many VPSs from backups as possible. Thank you for your understanding and support.
 

wlanboy

Content Contributer
My vps was offline from 14:41:33 to 16:14:12.

Ok, down again.
 
Last edited by a moderator:

drmike

100% Tier-1 Gogent
What the hell is up with the hack and Robert Clarke being implicated as the culprit?

Maybe Lowend should merge with Hackforums?  Communities seem to be about the same age, interest, etc.
 

drmike

100% Tier-1 Gogent
I read that @MartinD.

Seems like the kid can't be trusted.

Time for the coffin nails for his hosting business.
 

earl

Active Member
It does not make sense thought why would he openly admit to the attack on ramnode knowing full well that it will be tarnishing his business?
 

drmike

100% Tier-1 Gogent
@NickA / Ramnode is a stand up guy, so if he believes he is sure about the culprit I believe him.

Unsure why Clarke has been so forthcomnig about the matter and allegedly non protected in doing such.

All for seeing RamNode bring legal charges over the matter.
 

Otakumatic

New Member
A friend's site, hosted at RN is partially up (as in, he uses a free forum host for the forum due to content transferring issues, but uses his RN VPS for an AJAX chat), and he told me that RN was down. I'm suprised, honestly, cause RN seemed to be one of those hosts who rarely have downtime, and when they do, it's short. Anything could happen though! :p
 

earl

Active Member
Well Robert does seem to have been the target for a lot of pranks.. I would not be surprised if he is being setup.. I just can't see how someone can be that foolish?
 

earl

Active Member
I'm not second judging Nick, I'm sure Robert or someone impersonating Robert did confront Nick.. but the whole thing just don't make sense Robert has too much to lose to openly admit to doing something like this.. but hey, I could be wrong, who knows anymore!! with all this hack and the general hostility in the community sometimes I wonder if it's time for a new hobby!
 

Aldryic C'boas

The Pony
I usually don't get involved in messes like this... but here's a little something yanked from from our own logs:

50.46.111.187 manage.buyvm.net - [16/Jun/2013:02:51:56 -0700] "GET /centralbackup.php HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36 AlexaToolbar/alxg-3.1"

 

Note the IP address.

 

Looks like that WHMCS Login Tracker is going to come in handy here:

 

robertclarke.png


 

EDIT:  For anyone unsure what they're looking at here... that terminal window is just running a perl script that retrieves records from our billing panel logins, and puts it in a nice, readable table.

 

I would also like to note that as of 1017h of 09June, Clarke's services with us were terminated, and he was barred from further service.  I disclose this to emphasize the fact that he had no reason to be "testing" an exploit on us (for a panel we don't even use).

 

And as for the rest of you that tried to 'test' on us as well... yes, I know who you are, and yes, it will impact your tenancy with us.  Too late to claim "just watching your back".
 
Last edited by a moderator:

drmike

100% Tier-1 Gogent
Damn that @Aldryic.  Tee hee!!!   On top of problems and rectally probing the fools.

The BuyVM gods spoke and Robert just got owned.

Did young Robert contest his suspension?  Claim he was hacked?
 
Top
amuck-landowner